CERTIFIED-IN-CYBERSECURITY Question #135: Real Exam Question with Answer & Explanation

Question

Which of these access control models is commonly used in the military?

Options

• AMandatory Access Control (MAC)
• BRole-Based Access Control (RBAC)
• CAttribute-Based Access Control (ABAC)
• DDiscretionary Access Control (DAC)

Explanation

Mandatory Access Control (MAC) is a model of access control that is commonly used in the military, because it enables the centralized management of access rights, as well as the enforcement of strict security policies (see ISC2 Study Guide, chapter 3, module 3). In MAC, access to resources is based on the classification level of a given resource, as well as on the clearance level of the user. The use of classification and clearance levels allows for a hierarchical approach to security, whereby access to more sensitive resources is restricted to users with a higher clearance level. This is important in the military, where the risk of unauthorized access or actions can have very serious consequences. Role-Based Access Control (RBAC) restricts access to the resources of a computer or network according to the roles of each individual user in the organization. Attribute- Based Access Control (ABAC) is based on complex attribute rules. In Discretionary Access Control (DAC), users can grant privileges to other subjects, as well as change the security attributes of objects they have access to.

No community discussion yet for this question.